65d823f343
Fixes wrong CPU vulnerability output:
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation:Vulnerable: Unprivileged eBPF enabled
It's enabled but CONFIG_BPF_UNPRIV_DEFAULT_OFF being unset causes the warning.
This warning happens on ARM32 and ARM64 devices.
Edited with:
find -name "*.config" -exec sed -i 's/# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set/CONFIG_BPF_UNPRIV_DEFAULT_OFF=y/g' '{}' ;
CONFIG_BPF_UNPRIV_DEFAULT_OFF is a Linux kernel build-time hardening option that disables unprivileged use of the bpf() syscall (and thus unprivileged eBPF loading) by default by setting kernel.unprivileged_bpf_disabled=2 at boot. With this default, only privileged processes (e.g., with CAP_SYS_ADMIN / CAP_BPF, depending on kernel) can load eBPF unless an administrator explicitly relaxes it. [1], [2]
Operational behavior you should know
kernel.unprivileged_bpf_disabled semantics (as documented in the kernel sysctl docs/patch):
0: unprivileged bpf() allowed
1: unprivileged bpf() blocked and cannot be re-enabled until reboot (no transition back to 0 while running)
2: unprivileged bpf() blocked but admin can later switch to 0 or 1 if needed
If CONFIG_BPF_UNPRIV_DEFAULT_OFF=y, the default becomes 2 instead of 0. [2]
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
||
|---|---|---|
| .github | ||
| .vscode | ||
| config | ||
| extensions | ||
| lib | ||
| packages | ||
| patch | ||
| tools | ||
| .coderabbit.yaml | ||
| .editorconfig | ||
| .gitignore | ||
| action.yml | ||
| compile.sh | ||
| CONTRIBUTING.md | ||
| CREDITS.md | ||
| LICENSE | ||
| README.md | ||
| requirements.txt | ||
| shell.nix | ||
| VERSION | ||
Purpose of This Repository
The Armbian Linux Build Framework creates customizable OS images based on Debian or Ubuntu for single-board computers (SBCs) and embedded devices.
It builds a complete Linux system including kernel, bootloader, and root filesystem, giving you control over versions, configuration, firmware, device trees, and system optimizations.
The framework supports native, cross, and containerized builds for multiple architectures (x86_64, aarch64, armhf, riscv64) and is suitable for development, testing, production, or automation.
Looking for prebuilt images? Use Armbian Imager — the easiest way to download and flash Armbian to your SD card or USB drive. Available for Linux, macOS, and Windows.
Quick Start
git clone https://github.com/armbian/build
cd build
./compile.sh
Build Host Requirements
Hardware
- RAM: ≥8GB (less with
KERNEL_BTF=no) - Disk: ~50GB free space
- Architecture: x86_64, aarch64, or riscv64
Operating System
- Native builds: Armbian or Ubuntu 24.04 (Noble)
- Containerized: Any Docker-capable Linux
- Windows: WSL2 with Armbian/Ubuntu 24.04
Software
- Superuser privileges (
sudoor root) - Up-to-date system (outdated Docker or other tools can cause failures)
Resources
- Documentation — Comprehensive guides for building, configuring, and customizing
- Website — News, features, and board information
- Blog — Development updates and technical articles
- Forums — Community support and discussions
Contributing
We welcome contributions! See CONTRIBUTING.md for guidelines on reporting issues, submitting changes, and contributing code.
Support
Community Forums
Get help from users and contributors on troubleshooting, configuration, and development. 👉 forum.armbian.com
Real-time Chat
Join discussions with developers and community members on IRC or Discord. 👉 Community Chat
Paid Consultation
For commercial projects, guaranteed response times, or advanced needs, paid support is available from Armbian maintainers. 👉 Contact us
Contributors
Thank you to everyone who has contributed to Armbian!
Armbian Partners
Our partnership program supports Armbian's development and community. Learn more about our Partners.